Phone number for 2FA should not be considered as identifier

[festo]

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

Hey guys,
We have a problem where the login flow returns "ID" instead of "Email" for the input's label text. I deep dived into the code and found the relevant function: https://github.com/ory/kratos/blob/master/selfservice/flow/login/extension_identifier_label.go#L48

If I understand right, it shows "ID" in case there are multiple properties. In some ways, it makes sense because there is no easy way to decide which one is the "main".

However, we have the following setup: email and password are used as the main identity credentials and we have a phone number for 2FA.

I think the E-Mail should be picked as Identifier Label

Reproducing the bug

• On Ory Network create a new schema where phone number is used for 2FA next to email+pwd login
• Render the login page
• It shows ID for the input label and not E-Mail

Relevant log output

Relevant configuration

Version

latest

On which operating system are you observing this issue?

Ory Network

In which environment are you deploying?

Ory Network

Additional Context

Schema definition:

{
  "$id": "https://schemas.ory.sh/presets/kratos/identity.email.schema.json",
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Person",
  "type": "object",
  "properties": {
    "traits": {
      "type": "object",
      "properties": {
        "email": {
          "type": "string",
          "format": "email",
          "title": "E-Mail",
          "ory.sh/kratos": {
            "credentials": {
              "password": {
                "identifier": true
              },
              "webauthn": {
                "identifier": true
              },
              "totp": {
                "account_name": true
              },
              "code": {
                "identifier": true,
                "via": "email"
              },
              "passkey": {
                "display_name": true
              }
            },
            "recovery": {
              "via": "email"
            },
            "verification": {
              "via": "email"
            },
            "organizations": {
              "matcher": "email_domain"
            }
          },
          "maxLength": 320
        },
        "phone": {
          "type": "string",
          "format": "tel",
          "title": "Phone Number",
          "ory.sh/kratos": {
            "credentials": {
              "code": {
                "identifier": true,
                "via": "sms"
              }
            }
          },
          "maxLength": 320
        }
      },
      "required": [
        "email"
      ],
      "additionalProperties": false
    }
  }
}